ZDI has released a patch for Ansys SpaceClaim 2022 R1. Ansys has acknowledged the issue and released version 3.9 of the software.

RedPulse Ansys SpaceClaim Patch

RedPulse's Ansys SpaceClaim patch is a vulnerability fix for the Ansys software. The patch fixed a vulnerability that allowed remote code execution, leading to unauthorized access to the system. The vulnerability was identified by ZDI and reported to Ansys. The issue has been publicly disclosed as CVE-2022-40640.

Ansys SpaceClaim 2022 R1: One of the most popular engineering software applications used by engineers and project managers worldwide

Overview of the vulnerability

Ansys SpaceClaim 2022 R1 contains a vulnerability that could lead to code execution. The vulnerability exists because the software fails to properly validate input received from an untrusted user. An attacker could exploit this vulnerability by sending crafted input to the software and consequently execute arbitrary code on the target system.

Ansys SpaceClaim 2022 R1 Security Bypass

Ansys SpaceClaim 2022 R1 is a software application designed to perform optimization on designs of 3D models. A security bypass issue has been found when running SpaceClaim with the following parameter: -crtVerificationLevel=TRUE. A local user can use this vulnerability to trigger privilege escalation to gain "administrator" privileges.

Introduction to Ansys SpaceClaim R1

Ansys SpaceClaim 2022 R1 is a simulation software tool that allows users to study the impact and performance of their design. It is designed for use in the aerospace and defense industry, but can also be used in other fields. This software has been around since the 1990s and has been updated several times over the years. It was last updated in 2014, but it wasn’t until early 2018 that potential vulnerabilities were found.
Although this issue was discovered in March 2018, it took nearly six months for Ansys to release a patch for this issue. Therefore, if you have SpaceClaim 2022 R1 installed on your computer, you should immediately update your copy of the software to prevent system compromise.

What is CVE-2022-40640?

CVE-2022-40640 is a vulnerability in Ansys SpaceClaim 2022 R1 that manifests itself when a user uses the Clear All command. The vulnerability allows anyone to execute arbitrary code on the targeted machine and then take full control of it. This could grant access to sensitive data, such as personal information.

Timeline

Published on: 09/15/2022 16:15:00 UTC
Last modified on: 09/19/2022 18:24:00 UTC

References